Configurable devices are useful because they can be configured to perform various functions based on the needs of the user. One example of a configurable device is a programmable logic device (PLD). A programmable logic device (PLD) is a well-known type of digital integrated circuit that can be programmed to perform specified logic functions.
One type of PLD is the complex programmable logic device (CPLD). A CPLD generally includes two or more “function blocks” connected together and to input/output (I/O) resources by an interconnect switch matrix. Each function block of a CPLD typically includes a two-level AND/OR structure similar to those used in programmable logic arrays (PLAs) and programmable array logic (PAL) devices. In some CPLDs, configuration data is stored on-chip in non-volatile memory, then downloaded to volatile memory as part of an initial configuration sequence. The configuration data configures the function blocks and the interconnect switch matrix to implement the desired functionality.
Another type of PLD, the field programmable gate array (FPGA), typically includes an array of configurable logic blocks (CLBs) and programmable input/output blocks (IOBs). The CLBs and IOBs are interconnected by a programmable interconnect structure. Some FPGAs also include additional logic blocks with special purposes (e.g., DLLs, RAM, multipliers, transceivers, processors). The CLBs, IOBs, interconnect, and other logic blocks are typically programmed by loading a stream of configuration data (bitstream) into internal configuration memory cells that define how the CLBs, IOBs, and interconnect are configured. The configuration data can be read from memory (e.g., an external PROM) or written into the FPGA by an external device. For some FPGAs, the configuration data may be provided by a non-volatile memory, which may be internal or external to the FPGA. The collective states of the individual memory cells then determine the function of the FPGA.
Other configurable or programmable devices may include devices that are partially programmable. For example, an integrated circuit may include various configurable resources, along with non-configurable “fixed” logic circuits. For all of these configurable devices, the functionality of the device is generally controlled by data bits, also known as a bitstream or configuration data, provided to the device for that purpose. The data bits can be stored in volatile memory (e.g., static RAM cells, as in FPGAs and some CPLDs), in non-volatile memory (e.g., FLASH memory, as in some CPLDs), or in any other type of memory cell.
Thus, for example, a manufacturer may design a product using one or more configurable devices, such as a CPLD, by describing the desired functionality in various software tools, and then generating a bitstream to configure the device to perform the desired functions. Once design of the product is complete and the bitstream for configuring the configurable device has been finalized, the manufacturer may start selling the product including the configurable devices and the corresponding bitstream to customers and end users. One problem facing manufacturers is securing the configuration data. The bitstream represents valuable intellectual property for the manufacturer, and manufacturers often want to restrict access to the bitstream, thus preventing others from copying, reverse engineering, or otherwise misappropriating the bitstream. The manufacturer may also want to restrict other access to the configurable device in order to minimize the possibility that the data could be misappropriated through other indirect means.
Therefore, a need exists to secure the configuration data in a programmable device.